use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.
the class PermissionManagementTest method testCreatePermissionTicketWithResourceId.
/**
 * Creates a permission ticket for a resource referenced by its id, submits that ticket
 * for authorization, and checks that at least one permission ticket is afterwards
 * stored for the resource.
 *
 * @throws Exception if resource setup or any client call outside the guarded
 *                   authorization step fails
 */
@Test
public void testCreatePermissionTicketWithResourceId() throws Exception {
    ResourceRepresentation resource = addResource("Resource A", "kolo", true);
    AuthzClient client = getAuthzClient();
    String resourceId = resource.getId();

    // The ticket is requested through the protection API with marta's credentials.
    PermissionResponse ticketResponse = client.protection("marta", "password")
            .permission()
            .create(new PermissionRequest(resourceId));

    AuthorizationRequest authzRequest = new AuthorizationRequest();
    authzRequest.setTicket(ticketResponse.getTicket());
    String claimToken = client.obtainAccessToken("marta", "password").getToken();
    authzRequest.setClaimToken(claimToken);

    try {
        client.authorization().authorize(authzRequest);
    } catch (Exception ignored) {
        // The outcome of this call is not asserted; the checks below only look at
        // what was persisted.
        // NOTE(review): presumably the server rejects the request because "marta" is
        // not the owner ("kolo") and access still needs approval - confirm. Catching
        // Exception also hides unrelated failures and would not flag an unexpected
        // grant; consider catching the specific denial exception instead.
    }

    assertNotNull(ticketResponse.getTicket());
    assertFalse(client.protection().permission().findByResource(resourceId).isEmpty());
}
use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.
the class PermissionManagementTest method testGetPermissionTicketWithPagination.
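/**
 * Verifies paginated lookup of permission tickets for a resource with four scopes.
 *
 * <p>Two pages of size two are fetched (offset 2 first, then offset 0). Every returned
 * scope name is removed from the set of expected scopes, so a scope that showed up on
 * both pages, or one that was never requested, fails the test.
 *
 * @throws Exception if resource setup or any client call outside the guarded
 *                   authorization step fails
 */
@Test
public void testGetPermissionTicketWithPagination() throws Exception {
    String[] scopes = { "ScopeA", "ScopeB", "ScopeC", "ScopeD" };
    ResourceRepresentation resource = addResource("Resource A", "kolo", true, scopes);
    AuthzClient authzClient = getAuthzClient();
    PermissionResponse response = authzClient.protection("marta", "password")
            .permission()
            .create(new PermissionRequest(resource.getId(), scopes));

    AuthorizationRequest request = new AuthorizationRequest();
    request.setTicket(response.getTicket());
    request.setClaimToken(authzClient.obtainAccessToken("marta", "password").getToken());
    try {
        authzClient.authorization().authorize(request);
    } catch (Exception ignored) {
        // The outcome of this call is not asserted; the checks below only look at
        // the tickets that were persisted.
        // NOTE(review): presumably the server rejects the request because "marta" is
        // not the owner ("kolo") - confirm. Catching Exception also hides unrelated
        // failures; consider catching the specific denial exception instead.
    }

    final String pageSizeMessage =
            "Returned number of permissions tickets must match the specified page size (i.e., 'maxResult').";
    final String subsetMessage =
            "Returned set of permission tickets must be only a sub-set as per pagination offset and specified page size.";

    // Mutable copy (typed, not a raw ArrayList) so that found scopes can be ticked off.
    Collection<String> expectedScopes = new ArrayList<>(Arrays.asList(scopes));

    // start with fetching the second half of all permission tickets
    List<PermissionTicketRepresentation> tickets = getAuthzClient().protection().permission()
            .find(resource.getId(), null, null, null, null, true, 2, 2);
    assertEquals(pageSizeMessage, 2, tickets.size());
    for (PermissionTicketRepresentation ticket : tickets) {
        // remove() returns false when the scope is unknown or was already seen
        assertTrue(subsetMessage, expectedScopes.remove(ticket.getScopeName()));
    }

    // fetch the first half of all permission tickets
    tickets = getAuthzClient().protection().permission()
            .find(resource.getId(), null, null, null, null, true, 0, 2);
    assertEquals(pageSizeMessage, 2, tickets.size());
    for (PermissionTicketRepresentation ticket : tickets) {
        assertTrue(subsetMessage, expectedScopes.remove(ticket.getScopeName()));
    }
}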
use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.
the class PermissionManagementTest method testCreatePermissionTicketWithResourceWithoutManagedAccess.
/**
 * Requests a permission ticket for a resource that was added with only a name (the
 * request references the resource by name) and checks that a ticket string is returned
 * while no permission ticket can be found for the resource id.
 *
 * @throws Exception if resource setup or a client call fails
 */
@Test
public void testCreatePermissionTicketWithResourceWithoutManagedAccess() throws Exception {
    ResourceRepresentation resource = addResource("Resource A");

    PermissionRequest byName = new PermissionRequest(resource.getName());
    PermissionResponse ticketResponse = getAuthzClient().protection().permission().create(byName);
    assertNotNull(ticketResponse.getTicket());

    // NOTE(review): presumably nothing is persisted because the resource has no
    // owner-managed access - inferred from the test name, confirm against addResource.
    boolean nothingStored = getAuthzClient().protection()
            .permission()
            .findByResource(resource.getId())
            .isEmpty();
    assertTrue(nothingStored);
}
use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.
the class PermissionManagementTest method testCreatePermissionTicketWithScopes.
/**
 * Creates a permission ticket for a resource together with three scopes, submits the
 * ticket for authorization, and delegates to {@code assertPersistence} to check the
 * stored tickets for those scopes.
 *
 * @throws Exception if resource setup or any client call outside the guarded
 *                   authorization step fails
 */
@Test
public void testCreatePermissionTicketWithScopes() throws Exception {
    ResourceRepresentation resource = addResource("Resource A", "kolo", true, "ScopeA", "ScopeB", "ScopeC");
    AuthzClient client = getAuthzClient();

    PermissionRequest scopedRequest = new PermissionRequest(resource.getId(), "ScopeA", "ScopeB", "ScopeC");
    PermissionResponse ticketResponse = client.protection("marta", "password")
            .permission()
            .create(scopedRequest);

    AuthorizationRequest authzRequest = new AuthorizationRequest();
    authzRequest.setTicket(ticketResponse.getTicket());
    String claimToken = client.obtainAccessToken("marta", "password").getToken();
    authzRequest.setClaimToken(claimToken);

    try {
        client.authorization().authorize(authzRequest);
    } catch (Exception ignored) {
        // The outcome of this call is not asserted; only the persisted state is
        // checked below.
        // NOTE(review): presumably the server rejects the request because "marta" is
        // not the owner ("kolo") - confirm. Catching Exception also hides unrelated
        // failures; consider catching the specific denial exception instead.
    }

    assertPersistence(ticketResponse, resource, "ScopeA", "ScopeB", "ScopeC");
}
use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.
the class PermissionManagementTest method testRemoveScopeFromResource.
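/**
 * Checks that permission tickets tied to a scope disappear once that scope is removed
 * from the resource, while tickets for the scope that stays on the resource remain.
 *
 * <p>Stale tickets for a scope that no longer exists on the resource would be a
 * left-over access request nobody can reason about, which is what the second lookup
 * guards against.
 *
 * @throws Exception if resource setup or any client call outside the guarded
 *                   authorization step fails
 */
@Test
public void testRemoveScopeFromResource() throws Exception {
    ResourceRepresentation resource = addResource("Resource A", "kolo", true, "ScopeA", "ScopeB");
    PermissionRequest permissionRequest = new PermissionRequest(resource.getId(), "ScopeA", "ScopeB");
    AuthzClient authzClient = getAuthzClient();
    PermissionResponse response = authzClient.protection("marta", "password")
            .permission()
            .create(permissionRequest);
    assertNotNull(response.getTicket());

    AuthorizationRequest request = new AuthorizationRequest();
    request.setTicket(response.getTicket());
    request.setClaimToken(authzClient.obtainAccessToken("marta", "password").getToken());
    try {
        authzClient.authorization().authorize(request);
    } catch (Exception ignored) {
        // The outcome of this call is not asserted; only the persisted tickets are
        // checked below.
        // NOTE(review): presumably the server rejects the request because "marta" is
        // not the owner ("kolo") - confirm. Catching Exception also hides unrelated
        // failures; consider catching the specific denial exception instead.
    }

    AuthorizationResource authorization = getClient(getRealm()).authorization();
    ResourceScopesResource scopes = authorization.scopes();
    ScopeRepresentation removedScope = scopes.findByName("ScopeA");

    // Before the update, tickets exist for the scope that is about to be removed.
    // List<?> replaces the raw List; only emptiness is inspected.
    List<?> permissions = authzClient.protection().permission().findByScope(removedScope.getId());
    assertFalse(permissions.isEmpty());

    // Replace the resource's scopes so that only ScopeB is left, then push the update.
    resource.setScopes(new HashSet<>());
    resource.addScope("ScopeB");
    authorization.resources().resource(resource.getId()).update(resource);

    // Tickets for the removed scope must be gone ...
    permissions = authzClient.protection().permission().findByScope(removedScope.getId());
    assertTrue(permissions.isEmpty());

    // ... while tickets for the remaining scope are still present.
    ScopeRepresentation scopeB = scopes.findByName("ScopeB");
    permissions = authzClient.protection().permission().findByScope(scopeB.getId());
    assertFalse(permissions.isEmpty());
}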